b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

b86ff85d1f...1N.exe

windows7-x64

8

b86ff85d1f...1N.exe

windows10-2004-x64

8

Sharing

General

Target

b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1N
Size

3.7MB
Sample

240921-yx9wes1cnb
MD5

b5ac76d2d304e0d65a1645791c6294f0
SHA1

c12a3f2710f724d2e7a5b7d9ba21772650c7befa
SHA256

b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1
SHA512

28fe3dababfb157b785db98d1f1f23c1fc1e21cb4a5bdd1f9885f0a946e590681ecc0e0ad8c3eecc6a2fa6425847c283b22b0f8f97e59c7318d71f84b16430ca
SSDEEP

98304:k4wc3evzvh7phFW/Qwk8khbNqk9mgHdk6K1bDZ:PwcipFW/Qw7ob0gH6F/Z

Score

8^/10

defense_evasion discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1N.exe

Resource

win7-20240704-en

defense_evasion discovery evasion

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1N.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1N
- Size
  
  3.7MB
- MD5
  
  b5ac76d2d304e0d65a1645791c6294f0
- SHA1
  
  c12a3f2710f724d2e7a5b7d9ba21772650c7befa
- SHA256
  
  b86ff85d1f572275909416bb9f3bb7539a91ab5e1a43ea1c9fbf2a89492357c1
- SHA512
  
  28fe3dababfb157b785db98d1f1f23c1fc1e21cb4a5bdd1f9885f0a946e590681ecc0e0ad8c3eecc6a2fa6425847c283b22b0f8f97e59c7318d71f84b16430ca
- SSDEEP
  
  98304:k4wc3evzvh7phFW/Qwk8khbNqk9mgHdk6K1bDZ:PwcipFW/Qw7ob0gH6F/Z
Score

8^/10

defense_evasion discovery evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasion

behavioral2

defense_evasiondiscoveryevasion

© 2018-2025

Terms | Privacy